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Abstract 


In  this  paper  we  continue  to  investigate  the  impact  of  logic  synthesis  on  the  testability  of 
sequential  circuits  that  can  be  modeled  as  finite  state  machines.  Complete  testability  of  a 
sequential  circuit  is  ensured  by  guaranteeing  that  each  invalid  state  has  an  unperturbable 
distinguishing  sequence.  To  accomplish  this  we  present  a  novel  Boolean  minimization 
procedure  of  prime  implicant  generation  and  contrained  covering  based  on  the  Quine- 
McCluskey  algorithm  that  ensures  that  no  single  fault  can  both  produce  an  invalid  state 
and  corrupt  the  distinguishing  sequence  by  which  that  invalid  state  can  be  identified.  On 
completion,  it  guarantees  a  prime  and  irredundant.  fully  testable  Moore  or  Mealy  finite  state 
machine.  Given  a  two-level  circuit  with  these  properties  we  then  use  constrained  algebraic 
factorization  techniques  that  retain  the  invariant  that  no  single  fault  can  both  produce  an 
invalid  state  and  corrupt  the  distinguishing  sequence  by  which  that  invalid  state  is  detected. 


Besides  offering  a  more  detailed  understanding  of  the  sources  of  untestability  in  sequential 
circuits  than  previous  approaches,  this  approach  offers  significant  practical  advantages  as 
well.  It  is  applicable  to  a  wider  range  of  circuits  than  optimal  synthesis  procedures  whose 
utility  is  often  limited  by  prohibitively  high  CPU  requirements,  and  its  less  restrictive 
synthesis  constraints  result  in  lower  area  overhead  than  other  constrained  synthesis 
approaches.  These  observations  are  supported  by  experimental  results. 
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Abstract 

In  this  paper,  we  continue  to  investigate  the  impact  of  logic  synthe¬ 
sis  on  the  testability  of  sequential  circuits  that  can  be  modeled  as  finite 
state  machines.  Complete  testability  of  a  sequential  circuit  is  ensured  by 
guaranteeing  that  each  invalid  state  has  an  imperturbable  distinguishing 
sequence.  To  accomplish  this  we  present  a  novel  Boolean  minimization 
procedure  of  prime  impticant  generation  and  constrained  covering  l>ased 
on  the  Quine- McCluskey  algorithm  that  ensures  that  no  single  fault  can 
both  produce  an  invalid  state  and  corrupt  the  distinguishing  sequence 
by  which  that  invalid  state  can  be  identified.  On  completion,  it  guaran¬ 
tees  a  prime  and  irredundanl.  fully  testable  Moore  or  Mealy  finite  state 
machine.  Given  a  two-level  circuit  with  these  properties  we  then  use 
constrained  algebraic  factorization  techniques  that  retain  the  invariant 
that  no  single  fault  can  both  produce  an  invalid  state  and  corrupt  the 
distinguishing  sequence  by  which  that  invalid  state  is  detected. 

Besides  offering  a  more  detailed  understanding  of  the  sources  of 
untest  a  hi  lily  in  sequential  circuits  than  previous  approaches,  this  ap¬ 
proach  offers  significant  practical  advantages  as  well.  It  is  applicable  to 
a  wider  range  of  circuits  than  optimal  synthesis  procedures  whose  util¬ 
ity  is  often  limited  by  prohibitively  high  CPI1  requirements,  and  its  less 
restrictive  synthesis  constraints  result  in  lower  area  overhead  than  other 
constrained  synthesis  approaches.  These  observations  are  supported  by 
experimental  results. 

I  Introduction 

<  an  a  sequential  circuit  be  completely  tested  without  adding  scan  logic? 
This  is  perhaps  the  most  open  problem  in  the  area  of  testing.  One  nat¬ 
ural  approach  to  solving  this  problem  is  to  improve  current  sequential 
test  generation  algorithms.  The  primary  drawback  to  this  approach 
is  that  circuit  sizes  are  increasing  so  quickly  that  even  significant  im¬ 
provements  in  sequential  test  generation  algorithms  cannot  keep  up.  A 
radically  different  approach  is  synthesis  for  sequential  testability.  In 
this  approach  it  is  the  structure  of  the  circuit  itself  that  is  modified  to 
produce  fully  testable  designs. 

The  idea  that  logic  synthesis  and  optimization  can  have  a  very  pro¬ 
found  effect  on  the  testability  of  a  synthesized  combinational  or  sequen¬ 
tial  circuit  has  been  recognized.  The  relationship  between  testability 
and  Boolean  minimization  for  two-level  and  multi-level  combinational 
circuits  has  been  thoroughly  investigated  (5]  [l]  (4). 

Relationships  between  sequential  logic  synthesis  and  non-scan  sequen¬ 
tial  circuit  testability  are  equally  intimate.  Scan  logic  appears  to  be 
less  necessary  for  ensuring  the  testability  of  datapath  portions  of  cir¬ 
cuits  because  datapath  portions  have  less  feedback.  As  a  result,  the 
remaining  challenges  in  synthesizing  sequentially  testable  circuits  are  to 
synthesize  fully  /easily  testable  control  portious  and  to  combine  these 
with  datapath  portions.  Control  portions  are  commonly  modeled  as 
finite  state  machines  (FSMs).  Synthesis  of  fully  /easily  testable  FSMs 
is  possible  through  constrained  state  assignment  and  logic  optimization 
[3].  An  optimal  (sequentially  prime  and  irredundant)  synthesis  proce¬ 
dure.  involving  the  use  of  don't  care  seta  in  an  iterative  logic  minimiza¬ 
tion  strategy,  that  produces  an  irredundant  sequential  machine  with  no 
a  rea/per  forma  uce  overhead  waa  presented  in  [2]. 

Our  approach  represents  a  middle  path  between  the  CPU-intensive 
optimal  synthesis  procedure  of  (2J  and  the  area- penalizing  constrained 
synthesis  procedure  of  [3],  combining  the  advantages  of  both  approaches. 
Unlike  the  Approach  of  12],  complex  don't  care  sets  do  not  have  to  be  ex¬ 
ploiter!.  nor  is  repeated  logic  minimization  required.  The  procedure  also 
does  not  involve  the  addition  of  extra  edges  or  state  assignment  con¬ 
st  raints  as  in  [3].  The  FSM  is  described  at  the  State  Transition  Graph 
(STG)  level.  The  optimized  logic- level  implementat  ion  is  guaranteed  to 
be  fully  testable  for  all  single  stuck-at  faults  in  the  combinational  logic 
without  access  to  the  memory  elements. 

The  approach  of  this  paper  is  to  use  synthesis  to  ensure  the  com¬ 
plete  testability  of  a  sequential  circuit  implementing  a  FSM  by  ensuring 


that  eacli  invalid  state  has  an  unpert urbable  distinguishing  sequence. 
To  accomplish  this  we  present  a  novel  Boolean  minimization  prvcednrr 
of  prime  implicanf  generation  and  constrained  covering  based  on  the 
Quine-McCluskey  algorithm  that  ensures  that  no  single  fault  can  both 
produce  an  invalid  state  and  corrupt  the  distinguishing  sequence  by 
which  that  invalid  state  can  be  identified.  On  completion,  it  guarantees 
a  prime  and  irredundant.  fully  testable  Moore  or  Mealy  FSM.  Given  a 
two-level  circuit  with  these  properties,  we  then  define  constrained  alge¬ 
braic  factorization  techniques  that  retain  the  invariant  that  no  single 
fault  can  both  produce  an  invalid  state  and  corrupt  (lie  dist iuguishing 
sequence  by  which  that  invalid  state  is  detected. 

Besides  offering  a  more  detailed  understanding  of  the  sources  of 
untestability  in  sequential  circuits  than  these  previous  approaches,  this 
approach  offers  significant  practical  advantages  as  well.  It  is  applicable 
to  a  wider  range  of  circuits  than  optimal  synthesis  procedures  whose 
utility  is  often  limited  by  prohibitively  high  GPU  requirements,  and  its 
less  restrictive  synthesis  constraints  result  in  less  area  overhead  than 
other  constrained  synthesis  approaches.  These  observations  are  $u|>- 
ported  by  our  preliminary  experimental  results. 

Basic  definitions  and  terminology  are  given  in  Section  2.  Procedures 
to  synthesize  fullv  testable  FSMs  implemented  by  two-level  and  multi¬ 
level  combinational  networks  are  described  in  Sections  3  and  A.  respec¬ 
tively.  The  required  modifications  to  the  covering  step  in  two-level 
Boolean  minimization  are  described  in  Section  r>.  Preliminarv  exper¬ 
imental  results  are  given  in  Section  0. 

2  Preliminaries 

A  cube  is  wrilleii  *s  a  bit  vector  on  a  set  of  variables  willt  eacli  bit 
position  representing  a  distinct  variable,  l  lie  values  taken  by  each  bit 
can  be  1.  0  or  2  (or  -  or  don't  care),  signifying  t lie  true  form,  negated 
form  and  non-existenee  respectively  of  llie  variable  rorre*]>omlmg  to 
tliat  position.  A  ininterm  is  a  cube  with  only  0  and  I  entries. 

A  minlerm  »i|  is  said  to  dominate  (ni|  □  ">i)  if  for  each  position 
that  m,  has  a  1,  >>■,  also  has  a  I. 

A  finite  slate  machine  ( FSM )  is  represented  In  its  State  Transition 
Graph  (STG).  6(1.  F.  II  (£))  where  I  is  flu*  set  of  vertices  corre¬ 
sponding  to  the  set  of  states  S.  ||.SJ(  =  .V,  is  the  cardinality  of  the  set 
of  states  of  the  FSM.  An  edge  joins  r,  to  r}  if  there  is  any  vector  of  pri¬ 
mary  input  values  that  causes  the  FSM  to  evolve  from  state  r,  to  stale 
fj.  IU(£*)  is  a  set  of  labels  attached  to  each  edge.  For  the  purposes 
of  this  paper,  we  define  each  label  as  au  ordered  Ttiiplr  <  i.s.s'.n  > 
where  t  is  a  ininterm  over  the  primary  inputs,  s  and  s'  are  minierms 
over  the  slate  variables  and  o  is  a  ininterm  over  the  primarv  outputs. 
The  pair  <  s'.o  >  corresponds  to  tfie  output  plane  of  a  truth  table 
representation  of  the  FSM.  The  pail  <  i.  s  >  corresponds  to  a  1  ninl «*rin 
in  the  input  plane  of  a  truth-table  representation  of  the  FSM;  for  each 
edge  we  will  refer  to  the  set  of  all  such  pairs  as  the  input-labels  of  that 
edge. 

We  denote  the  primary  input  combination  and  present  state  corre¬ 
sponding  to  an  edge  or  set  of  edges  is  i  <j  s,  where  i  and  a  are  cu!h*s 
over  the  set  of  inputs  and  stales  respectively.  The  faniti  of  a  state.  </  is 
a  set  of  edges  and  is  denoted  fanni(q). 

A  starting  or  initial  stale  is  assumed  to  exist  for  a  machine,  also 
called  the  reset  state.  Given  a  logic-level  finite  state  machine  with 
A*  latches.  2s*  possible  states  exist  in  the  machine.  A  state  which 
can  be  reached  from  the  reset  state  via  some  input  vector  sequence  is 
called  a  valid  state  in  the  STG.  The  input  vector  sequence  is  called  the 
justification  sequence  for  that  state.  A  stale  for  which  no  justification 
sequence  exists  is  called  an  invalid  state.  Given  a  fault  F.  the  Slate 
Transition  Graph  of  the  machine  with  the  fault  is  denoted  Gr .  Two 
stales  in  a  State  transition  Graph  O  are  equivalent  if  all  possible 
input  sequences  when  the  machine  is  initially  in  either  of  (he  two  states 
produce  the  same  output  response. 

A  State  Transition  Graph  (»j  »s  said  to  be  isomorphic  to  another 
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(a)  (b) 


Figure  1:  Sequential  Machines 


State  Transition  Graph  G 2  if  and  only  if  they  are  identical  except  for  a 
renaming  of  stales. 

A  primitive  gale  in  a  network  is  prime  if  none  of  its  inputs  can  be 
removed  without  causing  the  resulting  circuit  to  be  functionally  differ¬ 
ent.  A  gate  is  irredundant  if  its  removal  causes  the  resulting  circuit  to 
be  functionally  different.  A  gate-level  circuit  is  said  to  be  prime  if  all 
the  gates  are  prinw  and  irredundant  if  all  the  gates  are  irredundant. 
It  can  be  shown  t  hat  a  gate-level  circuit  is  prime  and  irredundant  if  and 
only  if  it  is  100%  testable  for  all  single  stuck- at  faults  [ij. 

Ue  differentiate  between  two  kinds  of  redundancies  in  a  sequential 
circuit.  If  the  effect  of  the  fault  cannot  be  ol**erved  a!  the  primary 
outputs  or  the  next  state  lines,  beginning  from  any  state,  with  any 
input  vector,  the  fault  is  deemed  cornbinationally  redundant.  A 
sequentially  redundant  fault  is  a  fault  that  cannot  be  detected  by 
any  input  sequence  and  is  not  combinationaliy  redundant  . 

An  edge  in  a  State  Transition  Graph  (STG)  of  a  machine  is  said  to 
l>e  corrupted  by  a  fault  if  either  the  fanout  state  or  an  output  label 
of  this  edge  is  changed  because  of  the  existence  of  the  fault.  A  path  in 
a  Slate  Transition  Graph  is  said  to  be  corrupted  if  at  least  one  edge  in 
the  path  has  been  corrupted. 

Internal  single  stuck- *t  faults  in  a  logic  network  are  faults  on  internal 
lines  (not  primarv  input  or  primarv  outputs)  that  are  not  equivalent  to 
single  or  multiple  primary  output  stnck-a!  faults. 

3  Fully  Testable  Machines  with  Two-level 
Logic  Implementations 

3.1  Introduction 

Models  for  Moore  and  Mealv  machines  are  shown  in  Figure  1(a)  and 
(b).  Variations  of  the  results  below  were  proven  in  [2]  (c.  /.  Lemma 
4.1.  Theorems  4.2  and  4.4). 

Lemma  3.1  :  (firm  a  reduced  Mootr  or  Mealy  machine  with  X,  <  2rt 
states,  where  n  is  the  number  of  latches  in  the  machine,  all  single  stuck - 
at  faults  on  the  primary  input  (Pl)/ptrscnt  state  (PS)  lines  and  all 
single  and  multiple  stucl-af  faults  on  primary  output  (PO)/nert  slate 
fines  (XS)  are  testable,  if  the  combinational  logic  of  the  machine  is  prime 
and  irredundant. 

Theorem  3.1  .  Given  a  reduced  Moore  or  Mealy  machine  with  2" 
states,  where  11  is  the  number  of  latches  m  the  machine,  if  the  combina¬ 
tional  logic  of  (he  machine  is  prime  and  irredundant  and  ts  implemented 
in  two-le  rel  form  or  algebraically  factored  multi-level  form,  then  the  t?m- 
chine  is  fully  testable  for  all  single  stuck-at  faults  in  the  combinational 
logic. 

In  general,  machines  will  have  jVf  <  2n  states,  where  11  is  the  number 
of  latches  in  the  machine.  Many  invalid  states  may  exist  that  cannot  be 
reached  from  the  reset  state  of  the  machine.  Invalid  states  pose  a  major 
problem  in  testability-driven  synthesis.  A  fault  may  be  sequentially 
redundant,  if  it  requires  an  invalid  state  to  be  detected.  In  order  that 
no  fault  requires  an  invalid  state  to  be  detected,  the  invalid  state  codes 
have  to  !>e  used  as  don't  cares  in  logic  minimization.  However,  if  these 
stale*  are.  in  fact,  used  as  don't  cares,  then  they  may  be  equivalent 
to  some  valid  stale  in  G.  Thus,  we  may  have  a  situation  where  a  fault 
results  in  a  corrupted  edge(s)  going  to  an  invalid  state  that  is  equivalent 
to  the  true  valid  next  state.  Tliis  fault  is  redundant.  More  complicated 
redundancies  can  be  envisioned  which  involve  invalid  states  that  are  not 
equivalent  to  valid  states  in  G.  becoming  equivalent  to  valid  states  in 
Gf. 

3.2  Fully  Testable  Moore  Machines 

The  '( ralegy  uwd  here  modified  Hie  logic  minimization  process  using  the 
ill's  lift  .isles  as  don't  csres.  jo  for  each  invalid  stale  ie  the  following 
conditions  are  satisfied. 


1.  Iv  is  not  required  to  detect  any  fault  F  in  t  he  machine  .S'. 

2.  /t>  is  distinguishable  from  any  valid  stale  in  a  specified  number 
( >  I )  of  st  ate  transitions  or  ir  never  Api>eArs  as  a  fault'  next  *t»le. 
that  is  equivalent  to  Hie  true  next  slate. 

The  goal  of  the  minimization  procedure  is  to  satisfy  Conditions  I  and  > 
and  produce  an  area-minimal  logic  circuit.  To  this  end.  ue  modify  the 
prime  impticant  generation  and  covering  steps  that  are  basic  to  two- level 
Boolean  minimization. 

Consider  the  Moore  machine  of  Figure  1(a).  We  can  state  the  follow¬ 
ing  result. 

Lemma  3.2  :  //  a  reduced  Moon  machine  tilth  stoles  m  such  that 
the  NSL  and  OL  block,  are  prim f  and  irredundant  under  the  inraltd 
slate  don't  care  set.  and  each  invalid  stale  has  an  output  distinct  from 
all  valid  stales,  then  the  machine  is  fully  testable. 

Thus,  a  preliminary  minimization  strategy  is  as  follows:  While  mini¬ 
mizing  the  OL  bloeli  with  the  invalid  states  as  don *1  cares,  during  cov¬ 
ering  we  select  an  irredundant  set  of  primes  such  that  all  or  a  maximal 
nil li i her  of  invalid  stales  have  distincl  outputs  from  all  Ihc  valid  sisu-s. 
If  we  obtain  a  cover  where  each  invalid  stale  asserts  asserts  different 
outputs  from  all  the  valid  stales,  then  the  NSI.  block  can  lie  uncondi¬ 
tionally  minimized  with  the  invalid  states  specified  as  don't  cares  and 
the  resulting  machine  will  Ire  fully  testable  by  Theorem  3.2. 

It  may  not  always  Ire  jrossible  to  perform  such  a  select  ion.  Heipiiring 
primalily  and  irredundaney  for  a  cover  may  rondict  with  the  output 
requirement.  The  rovering  algorithm  can  instead  Ire  made  to  produce 
a  prime  and  irredundant  cover  with  a  inariinat  set  of  invalid  slates 
asserting  distinct  outputs  from  all  the  valid  stales.  Some  invalid  stales 
may  asserl  Ihe  same  outputs  as  a  valid  slale.  For  lliesc-  invalid  siairs. 
we  need  to  modify  the  minimization  procedure  of  the  NSL  block,  so  as 
to  produce  a  fully  testable  machine. 

The  paradigm  followed  here  is  to  ensure  that  Ihe  distinguishing  se¬ 
quences.  for  possible  faulty  fanll-free/siate  pairs  produced  due  lo  a 
fault,  are  uncorrupled  by  tlial  fault.  These  sequences  may.  of  course,  he 
corrupted  by  other  faults.  This  is  accomplished  Iry  defining  the  notion 
of  fault-elTect-dis  joint  ness  (FK-disjointness)  between  a  pair  of  edges  and 
applying  it  to  two-level  combinational  networks. 

Definition  3.1  :  Given  a  FSM  M .  a  STG  G  npresin  ting  M  and  a 
logic-level  implementation  L  of  M  .  a  fault  f  is  said  to  perlurh  an  input, 
label  111  of  an  edge  c  in  G  if  and  only  if  the  fault  in  I.  causes  the  input- 
label  lo  be  removed  f win  r  (and  in  need  to  another  edge ). 

Definition  3*2  :  Given  a  FSM  M  and  a  STG  G  rtpirseiihng  ,\l .  a 
logic-level  implementation  L  of  M .  and  Inn  input-lahels  in,  an d  nt,  of 
(ten  edges  c,  and  e2  in  G.  Ihe  tiro  labels  in,  and  ni3  are  said  to  he  FF- 
disjoinl  over  a  set  of  faults  F  €  L  ef  no  fault  in  F  perturbs  both  rrr ,  and 

irij. 

Definition  3.3  :  .4  Distanre-b. prime-cube  (D-l-pnin. -ruhe )  of  a 

prime  cube  c  is  a  cube  lhal  has  eraclty  Ihe  variable s  of  c  and  a  I  10)  in 
eraclly  k  positions  uhtre  c  has  a  0  (l).  in  any  combination . 

It  is  only  meaningful  to  talk  about  a  D-k -prime  rube  relative  to  a  par¬ 
ticular  prime  ettbe,  but  whenever  the  prime  ruhe  lhal  is  being  referred 
to  is  unambiguous  we  will  use  the  term  D-k-primi  cube  to  abbreviate 
D-k-prime  cube  relative  to  a  prime  cube. 

Lemma  3.3  :  Given  M.  G  and  o  tun. level  implementation  of  T  of  \l . 
and  a  single  internal  fault  f  in  T  lhal  perturbs  an  input. label  w  of  an 
edge  c  in  (7.  if  f  is  a  s-a-tl  fault  on  thi  output  of  an  .1 .37)  gali  g,  of  T 
then  m  tx  contained  within  the  prime  cub e  axsociahd  ti  lth  y,.  and  if  f  /< 
a  n-a-1  fault  on  the  input  of  an  ,\.\l)  gate  y}  of  J  thni  ni  is  contain, d 
within  a  D-l-pnme-cnbe  relative  to  g}. 

We  now  stale  a  theorem  regarding  sufficient  conditions  for  two  edge 
labels  to  be  FE-disjoinl  over  a-a-0  or  s-a-1  internal  faults  in  a  lwo-lc\el 
network. 

Theorem  3.2  :  Given  M .  G  and  T  an  above,  two  input-lahelx  m(  and 
m 2  nre  FE-disjowt  over  internal  *-a-0  (s-a-l)  fault *  in  a  tuo-lerel  net¬ 
work,  if  one  of  the  following  condition $  ts  satixfied: 

1.  in i  and  in 2  <inr  not  hath  contained  in  any  prime  (not  both  contamtd 
in  any  D- 1 -prime-cube)  in  T . 

2.  m»|  flwrf  ?»2  arf  both  contained  in  a  prime  jq  (or  mi  <i 

cube  of  a  rrim *  p2).  »»i  or  »»*  »*  contained  in  some  other 

prime  p$  that  axxrrix  the  xante  outputs  ax  the  prime  jq  fnr/qj. 

V\e  are  now  in  a  position  to  define  a  procedure  that  produce*  a  fulls 
testable  Moore  marliine- 


2 


1.  The  OL  block  is  minimized  with  t lie  invalid  states  used  as  don't 
cares,  attempting  to  make  sure  that  a  maximal  number  of  invalid 
stales  produce  different  output  combinations  from  all  or  a  maximal 
number  of  valid  states.  If  all  invalid  states  produce  different  outputs 
from  each  of  the  valid  states,  unconditionally  minimize  the  NSL 
block  and  exit.  (Two  invalid  states  are  allowed  to  produce  the 
same  output ). 

2.  For  each  invalid  state  ir*.  find  the  set  of  valid  states 
Ql  =  <lk  i»  ••  <7*- Nt  that  assert  the  same  output  combination  as 
the  invalid  slate,  and  such  that  ir*  □  qtj  or  □  ip*. 

3.  Perform  a  two-level  Boolean  minimization  on  the  logic  of  the  NSL 
block,  meeting  the  following  conditions: 

(a)  Pse  the  invalid  stales  as  don't  cares  for  all  primary  input  val¬ 
ues. 

(b)  For  each  invalid  state  ir*,  ensure  that  there  exists  a  PI  vector 

i*;  that  distinguishes  ir*  and  6  Qt.  1  <  j  <  Nk*  That 
is.  iij  produces  different  next  stales  for  ir*  and  qtj.  such  that 
the  next  states  assert  different  output  combinations,  via  an 
appropriate  selection  of  primes.  Also,  the  vector  pairs  corre¬ 
sponding  to  v  €  and  it]  ir*  are  constrained  to 

be  FE-disjoint  over  (each  individual  fault  in)  the  s-a-0  (s-a-1) 
internal  faults  in  the  network  corresponding  to  the  cover  if 
qij  3  ir*  (ir*  □  v*a  Wi  appropriate  selection  of  primes 
that  satisfy  the  conditions  of  Theorem  3.2. 

Theorem  3-3  :  //  Ihr  p rondure  abort  completes  successfully,  it  pro¬ 
duces  a  fully  testable  Moon  machine. 

3.3  Fully  Testable  Mealy  Machines 

The  procedure  is  easily  extended  to  the  Mealy  machine  case  (Figure 
1(b)).  The  Mealy  machine  case  offers  additional  flexibility  in  the  choice 
of  distinguishing  vectors  for  any  pair  of  states.  We  can  state  the  follow¬ 
ing  result. 

Lemma  3.4  :  ff  a  neiucee I  Mealy  machine  with  ;V,  states  is  such  that 
the  \$L  and  OL  blocks  are  prime  and  irredundant  under  the  invalid 
state  don't  care  set  and  each  invalid  stale  is  distinguishable  in  a  single 
slate  transition  from  all  valid  stales,  then  the  machine  is  fully  testable. 

The  procedure  to  produce  a  fully  testable  Mealy  machine  is  similar 
to  the  Moore  machine  procedure,  except  that  during  the  minimization 
of  the  OL  block,  we  can  make  choices  as  to  what  vectors  can  he  used 
to  distinguish  the  invalid  and  valid  -states,  while  maintaining  priinality 
and  irredundaucy  of  the  OL  block  cover.  During  the  minimization  of 
the  NSL  block,  we  effectively  ensure  for  slate  pairs  that,  do  not  have  a 
distinguishing  vector  that  a  two- vector  distinguishing  sequence  for  the 
pair  is  uncorrupled.  if  the  two  states  are  produced  as  a  faulty/fault-free 
pair. 

4  Fully  Testable  Machines  with  Multi¬ 
level  Logic  Implementations 

4.1  Introduction 

In  this  section,  we  extend  the  results  of  the  previous  section  to  alge¬ 
braically  factored  multi-level  implementations.  Algebraically  factored 
networks  are  discussed  in  [4]  where  it  is  shown  that  each  single  internal 
fault  in  an  mufti-level  implementation  that  was  algebraically  factored 
from  a  prime  and  irredundant  Iwo-level  network  is  equivalent  to  a  mul¬ 
tiple  internal  fault  in  the  two-level  network.  We  therefore  begin  with 
perturbation  conditions  for  input -labels  under  a  multiple  fault  in  two- 
level  networks,  and  then  apply  these  results  to  algebraically  factored 
networks. 

4.2  S-a-0  Faults  in  a  Multi-Level  Network 
Lemma  4.1  .*  Given  M .  G  and  T  as  in  Definition  3.1  and  a  multiple  s- 
a-0  title  rant  fault  f  in  T.  if  f  perturbs  an  input-label  m  in  G  then  every 
prime  in  which  tit  is  contained  is  affected  by  the  fault.  Furthermore . 
that  perturbation  n  suits  in  some  tiert  state  eyirirtWc  that  formerly  was 
1  to  become  0. 

Theorem  4.1  ;  Given  M .  G  and  T  as  above,  lei  A  be  an  alaebraic 
factorization  ofT.  Let  W|  and  m2  be  two  input  labels  of  G  ana  tel  P\ 
he  the  set  of  all  primes  of  T  that  cover  »»i  and  let  Pj  be  the  set  of  all 
primes  ofT  that  cover  m2.  If  both  t»|  and  wj  are  not  contained  in  any 
single  prime  cube  mi  T.  and  no  factor  ertracted  in  the  factorization  of 
A  contains  a  set  of  cubes  C'  such  that  for  every  prime  in  p  in  Py.  some 
c  in  C  is  a  «n6ro6f  of  flint  for  every  prmtr  in  q  in  Pj.  some  et  in  C 
is  a  subcuhe  of  q.  then  mx  and  nij  arc  FE-disjoinl  over  internal  s-a-0 
faults  in  A. 


4.3  S-a-1  Faults  in  a  Multi-Level  Network 

FSMs  implemented  by  multi-level  networks  arc  more  sensiti\e  to  inter¬ 
nal  s-a-1  faults  than  to  s-a-0  faults.  In  the  case  of  s-a-0  faults,  each 
input-label  m  that  is  a  member  of  the  O.Y-sel  is  covered  by  some  set  of 
primes  and  for  »«  to  be  |>erturbed  all  of  those  primes  must  be  affected 
by  some  s-a-0  fault.  If  an  inpul-label  m  is  a  member  of  the  OFF- sri 
then  for  each  prime  p  in  T  there  exists  a  k  such  that  m  is  contained  in 
a  D-k-prime  with  respect  to  p.  and  a  multiple  s-a-i  fault  affecting  any 
of  the  primes  in  T  may  pert  urb  in. 

Lemma  4.2  :  Given  M.G  andT  as  above,  and  a  multiple  s-a-1  infer¬ 
nal  fault  f  in  T.  if  f  perturbs  an  mput-lnbe  l  in  in  G  linn  in  is  confound 
within  a  D-k-prime  relative  to  an  affected  pnmt  of  T  and  in  is  not  con¬ 
tained  in  any  other  prime  ofT.  Furthermore,  that  perturbation  results 
in  some  next  state  variable  that  formerly  was  0  to  become  J. 

Theorem  4.2  *  Given  M.  G  and  T  as  above,  let  A  be  an  algebraic 
factorization  ofT.  Let  it?  *  and  in2  be  tno  input-labels  of  G.  Let  /. 
containing  a  set  of  cubes  C.  be  an  arbitrary  factor  in  A.  If  when  each 
literal  of  each  cube  of  C  is  erpanded  in  each  prime  m  T  in  which  it 
appears,  their  does  not  enst  an  erpanded  prime  p  in  T  that  covers  in, 
and  an  erpanded  prime  q  in  T  that  covers  in 2.  then  »>»,  and  w2  are 
FE-disjoint  over  interval  s-a-1  faults  in  .1. 

These  theorems  give  us  constraints  sufficient  to  ensure  that  no  factor 
extracted  from  the  network  results  in  a  network  structure  in  which  a 
single  fault  perturlw  both  input  labels. 

5  The  Covering  Step 

In  Section  3.  we  qualitatively  described  Die  requirements  to  be  met 
during  the  prime  implicant  selection  or  covering  step  in  order  to  pro¬ 
duce  fully  testable  sequential  circuits.  In  (his  section,  we  describe  the 
covering  algorithm  in  detail. 

One  goal  of  the  covering  algorithm  is  to  attempt  to  produce  a  prime 
and  irredundant  cover  under  the  invalid  slate  don't  can  set  which  has  a 
maximal  number  of  invalid  states  assert  ing  different  outputs  from  all  the 
valid  states.  This  is  achieved  via  the  procedure  below,  which  receive* 
as  input  the  prime  implicant  table.  T,  corresponding  to  the  OL  block 
specification. 

1.  Find  all  essential  prime  implicants  (EPIs)  in  1\ 

2.  Pick  a  (new)  invalid  stale,  ir. 

3.  Find  all  EPIs  in  T  t  hat  contain  I  lie  invalid  si  ate.  Let  the  set  of  PO« 
that  are  asserted  by  any  of  these  EPIs.  be  PO"  .  We  know  that  the 
outputs  asserted  by  the  invalid  stale  in  any  prime  and  irredundant 
cover  has  to  he  D  PO"' .  Pick  a  (new)  c  O  PO"  for  ir  (the  set  of 
outputs  to  he  asserted  by  »r)  such  that: 

(a)  Primes  that  contain  ir  ami  assert  outputs  in  c-  PO”  exist 
in  T. 

(h)  c  is  different  from  all  or  a  maximal  number  of  valid  slates  that 
dominate  fr  or  are  dominated  by  ir. 

4.  Find  ail  primes  in  T  that  contain  ir  and  assert  outputs  iot  in  c. 
i.e.  c.  Sequentially  e\e late  the  rows  corresj>ouding  to  these  primes 
from  /  .  checking  after  each  deletion  as  to  whether  tin  next  prime 
to  be  deleted  has  become  essential  due  to  the  previous  deletions. 
If  a  prime.  tliAl  is  to  he  deleted,  becomes  essential,  then  it  means 
that  we  cannot  find  a  prime  and  irredundant  cov»*r.  where  ir  asserfs 
c.  Go  to  Step  3  ami  select  a  new  r.  If  all  choices  for  r  have  l>eeii 
exhausted,  go  to  Step  2. 

5.  Add  the  invalid  stales  wit  It  the  chosen  outputs  as  columns  to  T. 
This  is  to  ensure  that  a  selection  of  primes  will  be  made  that  result* 
in  the  invalid  slates  asserting  the  outputs  picked  at  Step  3.  (Don’t 
cares  are  not  added  as  columns  to  the  prime  implicant  table  in 
st  andard  minimizal  ion ). 

6.  Solve  the  covering  problem  on  the  modified  T  using  standard 
heuristic  or  exact  coveriitr  algorithms.  In  order  to  ensure  full  testa¬ 
bility.  when  a  prime  is  elected  at  any  stage  in  the  covering,  the 
number  of  Is  in  the  output  part  of  the  prime  is  reduced  maximally 
1 .  Also,  we  do  not  add  a  prime  to  the  selected  set.  unless  at  least 
one  required  vertex  is  outside  the  invalid  state  DC-set  and  the  out¬ 
put  part  of  the  prime  is  reduced  taking  into  account  this  DC-set. 

The  procedure  described  above  was  for  Moore  machine*.  The  corre¬ 
sponding  Mea’y  machine  procedure  is  only  different  in  that  at  Step  \ 
we  choose  a  primary  input  vector  that  can  distinguish  all  or  a  maximal 
number  of  valid  states  from  ir. 

* Thi*  may  mean  lhal  I  lie  selerieH  cube  uni  a  prints  in  il»e  «trict  rniw 
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Ourr  (lif  OL  block  has  licrn  minimized.  flic  NSL  block  ho*  to  mini¬ 
mized  obeying  constraints  similar  to  those  above  for  the  invalid  slates 
dial  a.wn  the  same  output  *  as  some  valid  state(s)  (they  have  to  be 
distinguishable  from  (lie  valid  state(s)).  We  also  have  to  ensure  that 
the  rli«i ingiiishiiig  vectors  detect  disjoint  sets  of  faults.  The  covering 
procedure  is  similar  to  the  procedure  described  above;  however,  since 
the  NSL  block  receives  inputs  from  both  the  primary  inputs  as  well  the 
present  stales,  we  have  quite  some  flexibility  in  choosing  distinguishing 
vectors  and  the  next  stales  produced  by  the  distinguishing  vectors. 

1.  Find  all  essential  prime  iniplicants  (EPIs)  in  T. 

2.  Pick  a  (new)  invalid  slate,  if. 

:t.  Pick  a  (new)  input  combination  pi. 

4.  Find  all  EPIs  in  T  that  contain  pi  'ts  if.  Let  the  set  of  NS  lines  that 
are  asserted  by  any  of  these  EPIs.  be  /V S’"  •  We  know  that  the 
NS  lines  asserted  by  the  invalid  state,  for  this  primary  input,  in  any 
prime  and  irrediindant  cover  has  to  be  3  A" S’"  *  *"■  Pick  a  (new) 
c  3  .V Sr>  *  "  for  if  (the  set  of  NS  lines  asserted  by  pi  'S’  if)  so: 

(a)  Primes  that  contain  pi  '(v  if  and  assert  outputs  in  c—NSr'  0 
exist  in  T. 

(b)  The  output  of  r  is  different  from  the  output  of  the  next  state 
of  all  or  a  maximal  number  of  valid  states.  V’.  (that  are  not 
already  distinguished  and  which  dominate  if  or  are  dominated 
by  if)  on  receiving  pi. 

5.  Find  all  primes  in  T  that  contain  pi  <1  if  and  assert  NS  lines  not 
in  c.  i.e.  c.  Also,  find  all  primes  which  contain  both  pi  §  if 
and  r  €  /nniti(l  )  or  whose  D- 1 -prime-cu lies  contain  both  pi  '<?  if 
and  e  €  /uuiii(t').  Sequentially  delete  the  rows  corresponding  to 
these  primes  from  T.  checking  after  each  deletion  as  to  whether  the 
next  prime  to  be  deleted  has  liecoine  essential  due  to  the  previous 
deletions.  If  a  prime,  (hat  is  to  be  deleted,  becomes  essential,  (hen 
it  means  that  we  cannot  find  a  prime  and  irredtindaiit  cover,  where 
pi  ■<!  if  asserts  c.  t.'o  to  Step  t  and  select  a  new  c.  If  all  choices  for 
r  have  been  exhausted,  go  to  Step  3. 

0.  If.  at  Step  4(b).  not  all  the  valid  states  have  different  next  states 
from  if  on  receiving  pi.  go  to  Step  3  and  attempt  to  distinguish 
the  remaining  valid  slates  from  if. 

7.  Add  the  primary  input  vectors  and  invalid  stales  with  the  chosen 
outputs  as  columns  to  T. 

8.  Solve  the  covering  problem  on  the  modified  T  using  standard 
heuristic  or  exact  covering  algorithms. 

At  Step  4(b).  we  only  deal  at  any  given  pass  with  valid  states  that  have 
the  same  outputs  as  if  or  those  that  have  not  as  yet  been  distinguished 
from  if. 

6  Results 

In  this  section,  we  present  preliminary  experimental  results  using  the 
synthesis  algorithms  presented  in  Sections  3  and  4. 

A  standard  unconstrained  synthesis  procedure  was  first  adopted.  Af¬ 
ter  synthesis,  tests  were  generated  for  the  circuit  using  a  sequential 
test  generator.  Next,  we  used  the  synthesis  procedure  described.  Af¬ 
ter  state  minimization  and  unconstrained  stale  assignment,  two- level 
Boolean  minimization  with  constrained  covering  was  carried  out.  If  each 
invalid  Mate  asserted  different  outputs  from  all  the  valid  states,  then  an 
unconstrained  multi-level  logic  optimization  step  was  performed.  Else, 
two  different  options  of  constrained  algebraic  factorization  and  uncon¬ 
strained  algebraic /Boolean  optimization  were  exercised.  Note  that  in 
tlie  latter  case,  we  cannot  guarantee  100%  testability.  The  propagation 
step  in  sequential  test  generation  is  avoided,  since  we  already  know  all 
the  (incorrupt ed  distinguishing  sequences  for  each  possible  faulty/fault- 
free  state  pair. 

We  chose  some  benchmark  examples  from  the  MCNC  Logic  Synthesis 
Workshop  as  test  cases.  The  examples  had  between  24  and  130  states. 
Results  obtained  by  running  the  standard  synthesis  procedure  and  the 
two  options  in  the  new  procedure  are  summarized  in  Table  1  under 
the  columns  STANDARD.  COVER -A  and  COVER- B.  The  number  of 
literals  in  the  combinational  logic  (lit),  fault  coverage  obtained  (fcov) 
ami  the  CPU  time  for  test  generation  (Ipg  time)  are  indicated  in  the 
three  cases.  All  the  CPU  times  are  on  a  VAX  11/8800. 

COVER- A  results  in  100%  testable  designs  with  small  area  overheads, 
that  require  less  CPU  time  for  test  generation  than  the  STANDARD 
procedure.  We  cannot  guarantee  full  testability  via  COVER-B,  but  it 
allows  for  the  use  of  more  powerful  Boolean  operations  and  hence  the 
area  overhead  is  smaller  than  via  COVER- A.  Highly  (>  99%)  testable 
realizations  are  obtained  in  all  cases  via  COVER-B. 
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’  Involves  the  addition  of  an  extra  input  and  output. 

2  Tlie  synthesis  procedure  was  terminated  after  2  hours. 


We  next  compare  this  approach  with  previous  proposed  synthesis 
approaches  to  achieve  full  testability.  The  comparisons  are  presented  in 
Table  2.  Under  the  column  (‘OVER,  we  give  tlie  result  corresponding  to 
COVER-B.  if  the  resulting  design  was  fully  testable.  Else,  we  give  the 
result  of  COVER-A.  The  column  ( ‘ONS'l'R.MN  has  t  he  results  obtained 
by  using  tlie  constrained  state  assignment  ami  logic  optimization  pro¬ 
cedure  of  [3].  The  column  OPTSYN  has  the  results  using  the  optimal 
synthesis  procedure  of  (2).  The  number  of  literals  in  the  combinational 
logic  (lit),  the  CPU  lime  for  synthesis  (svn.  time)  and  the  CPU  time 
required  for  lest  generation  (tpg  time)  are  indicated.  All  the  designs 
via  each  of  the  procedures  are  100%  testable. 

From  the  table  it  is  clear  that  our  new  approach  represents  an  at¬ 
tractive  alternative  to  either  a  CPI  -intensive  optimal  synthesis  proce¬ 
dure  or  an  area-penalizing  constrained  synthesis  procedure.  From  the 
standpoint  of  CPU  usage  for  minimization  and  test  pattern  generation 
the  CO/V.S77M IN  procedure  used  the  lead  time,  but  required  modify¬ 
ing  the  original  design.  The  COVER  procedure  completed  all  examples 
with  modest  to  reasonable  CPU  requirements.  The  OPTSYN  procedure 
required  the  greatest  amounts  of  CPU  and  was  prohibitively  expensive 
on  one  example.  Overall,  these  results  indicate  that  the  COYER  pro¬ 
cedure  improves  over  the  previous  procedures  from  the  standpoint  of 
quality  of  result  versus  CPU  time  requirements,  and  more  importantly 
is  able  to  handle  designs  that  the  previous  procedures  could  not  (with¬ 
out  modifical  ion). 
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